When saving new token, this gem uses a separate thread with new db connection to ensure token save (in case of a rollback in the main transaction). To make room for the new connections, it is recommended to increase db pool size by 2-3.

Configuration

The engine is configured by the following ENV variables:

BOOKINGSYNC_URL - the url of the website, should be

BOOKINGSYNC_APP_ID - BookingSync Application's Client ID

BOOKINGSYNC_APP_SECRET - BookingSync Application's Client Secret

BOOKINGSYNC_VERIFY_SSL - Verify SSL (available only in development or test). Default to false

BOOKINGSYNC_SCOPE - Space separated list of required scopes. Defaults to nil, which means the public scope.

You might want to use dotenv-rails
to make ENV variables management easy.

Embedded vs Standalone apps

The engine is set up by default to work with Embedded app for the BookingSync app store. This means that the OAuth flow will redirect using javascript
redirect to break out of the iframe.

Embedded apps

Embedded apps will need to allow BookingSync to load them in an
iframe.

This only has to be applied to the part of the application used in BookingSync

You can use the following helper in your controller to do just that:

after_action:allow_bookingsync_iframe

Standalone apps

Standalone applications will be working outside of BookingSync website. While it's not the recommended approach, some applications can benefit from this.

To make your application standalone, you must set the standalone mode by adding
the following code to an initializer:

Authentication in apps

BookingSync Engine will create some helpers to use inside your controllers and views.

Ensure authentication

To set up a controller with BookingSync account authentication, just add this before_action:

before_action:authenticate_account!

It will make sure an account is authenticated (using OAuth2).

New authorization process

If the user is not currently authenticated, 3 responses can be expected:

1) Through Ajax requests

By Ajax request, we consider them when the X-Requested-With header contains XMLHttpRequest.

In this case, the authorization path will be returned a plain text with a 401 Unauthorized status.

2) Embedded Application

Embedded applications will be given a script tag forcing them to change their parent location to the authorization path. This is necessary so the authorization happens in the main window, not within an iFrame.

3) Standalone Application

Standalone applications will simply be redirected to the authorization path.

Accessing the current account

To retrieve the current signed-in account, this helper is available:

current_account

Securing applications

Session cookies

You should make sure session cookies for you application have the secure
flag. This will be done by Rails automatically if you have configured
your environment with config.force_ssl = true. If not, you can change your
session_store.rb initializer: